Analysis & Opinion

WASHINGTON (Reuters) - The U.S.-China Business Council on Monday criticized a new law aimed at thwarting cyber attacks by discouraging the Justice Department and several other government agencies from buying information technology systems from China.

"The national security of the United States is critical, but it must not be used as a means of protectionism," John Frisbie, the group's president, said in a letter urging leaders in the Senate and the House of Representatives to block similar measures in the future.

"Product security is a function of how a product is made, used, and maintained, rather than by whom or where it is made. Imposing a country-specific risk assessment creates a false sense of security if the goal is to improve our nation's cybersecurity," Frisbie said.

Congress, reflecting growing U.S. concern over Chinese cyber attacks, tucked a new review process for U.S. government technology purchases into a funding bill signed last month by President Barack Obama.

The measure requires the NASA space agency, the Justice and Commerce departments and the National Science Foundation to get approval from law enforcement officials when buying new information technology systems, with a particular focus on whether the systems are "produced, manufactured or assembled by one or more entities that are owned, directed or subsidized" by China.

Chinese officials have urged the United States to repeal the law, which they said uses Internet security as an excuse to take discriminatory steps against Chinese firms.

Fearing Chinese retaliation and copycat legislation in other countries that could harm U.S. interests, the Information Technology Industry Association, Business Software Alliance and other business groups also wrote to congressional leaders on Friday to urge reconsideration of the new law.

"Given the expedited manner in which this provision was enacted, we ask the Congress to review the security implications and competitive impact of this requirement, and consider a more constructive approach to this issue," they said.

The new provision also could inadvertently impede the U.S. government's ability to use the latest cutting-edge technology to protect itself, the groups argued.

"The requirement to assess every IT product purchase, absent any triggering threshold, will likely slow the federal acquisition process and put impacted federal agencies behind the security innovation curve," they said.